Lighting a match in the dark web

Can you access .onion sites without the Tor Browser? Short answer? Yes, you can – but I don’t recommend it…I cannot stress this enough.

I’ve mentioned Tor2web proxies in a few previous posts, but didn’t elaborate on it much.

In their own words, “Tor2web is a project to let Internet users access Tor Onion Services without using Tor Browser.” Tor2web and Web2Tor are reverse proxies which allow clearnet users (such as someone using Chrome, Firefox, etc.) to access Tor hidden services.

The proxy listens on port 80 (or sometimes 443) on a clearnet server, and then proxies requests to the Tor hidden service.

Well, no – not great. In spite of its convenience, the problem with using these proxies is that whoever is operating the Tor2web proxy can spy on your web traffic. While this may not sound like a bad thing, if said proxy operator has malicious intent, then you (the user) are basically a sitting duck. Plus, if the point of Tor is being anonymous, and someone can detect your web traffic, that defeats the whole purpose!

In fact, even onion.cab itself – the proxy service, that is – warns users when they first try to access a site this way:

If this doesn’t sound bad, then it should be noted that not only can the operator see your web traffic, but they can also modify it and inject code if they so desire.

If you visit https://6zdgh5a5e6zpchdz.onion, but do so through onion.cab instead of through Tor, the proxy service injects Piwik analytics code into the page, which looks something like this:

So why should you care? Well, the proxy service that injected the code now knows that your IP address accessed said onion service at a specific time. In addition, they’re also executing code in your browser that the operator of the original site is unaware of.

Within the code, some of the information that it can discover about you is:

The title of the page you’re viewing

An ID for the site

The time that you made the request

The exact URL you were looking at

The page that sent you to that URL

Details of which plugins you have installed

Whether cookies are enabled

Your screen resolution

A unique ID for you
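To make that list concrete, the following added example (not part of the original post, and not the code onion.cab injects) decodes a single Piwik tracking request into the same fields. The parameter names are those of Piwik's Tracking HTTP API; the collector host `tracker.example`, the sample request and the `<address>.onion.cab` hostname form are assumptions made for illustration.

```javascript
// Added example: decode one Piwik tracking request into the fields listed above.
// Parameter names follow Piwik's Tracking HTTP API; the request is constructed.

// Browser-plugin flags the Piwik JavaScript tracker reports as 0/1 values.
const PLUGIN_FLAGS = {
  fla: 'Flash', java: 'Java', dir: 'Director', qt: 'QuickTime',
  realp: 'RealPlayer', pdf: 'PDF', wma: 'Windows Media',
  gears: 'Gears', ag: 'Silverlight',
};

// v2 (16 chars) or v3 (56 chars) onion label left visible in a proxied hostname.
const ONION_LABEL = /(?:^|\.)([a-z2-7]{16}|[a-z2-7]{56})\.onion(?:\.|$)/i;

function onionFromHost(rawUrl) {
  if (!rawUrl) return null;
  try {
    const m = ONION_LABEL.exec(new URL(rawUrl).hostname);
    return m ? m[1].toLowerCase() + '.onion' : null;
  } catch (err) {
    return null; // not an absolute URL
  }
}

function decodePiwikBeacon(requestUrl) {
  const u = new URL(requestUrl);
  const q = u.searchParams;
  const two = (name) => String(q.get(name) ?? '0').padStart(2, '0');
  return {
    collector: u.host,                       // who receives the data
    pageTitle: q.get('action_name'),         // title of the page
    siteId: q.get('idsite'),                 // ID for the site
    localTime: q.has('h') ? `${two('h')}:${two('m')}:${two('s')}` : null,
    url: q.get('url'),                       // exact URL viewed
    referrer: q.get('urlref'),               // page that sent you there
    plugins: Object.keys(PLUGIN_FLAGS)
      .filter((k) => q.get(k) === '1')
      .map((k) => PLUGIN_FLAGS[k]),
    cookiesEnabled: q.get('cookie') === '1',
    screenResolution: q.get('res'),
    visitorId: q.get('_id'),                 // unique ID for you
    onionVisited: onionFromHost(q.get('url')),
  };
}

// Constructed sample: tracker.example and every value below are made up,
// except the onion address and proxy domain, which are the ones the post names.
const SAMPLE_BEACON = 'https://tracker.example/piwik.php?idsite=1&rec=1' +
  '&action_name=Example%20page' +
  '&url=https%3A%2F%2F6zdgh5a5e6zpchdz.onion.cab%2F' +
  '&urlref=https%3A%2F%2Fforum.example%2Fthread%2F42' +
  '&_id=0123456789abcdef&h=14&m=5&s=9' +
  '&res=1920x1080&cookie=1&pdf=1&fla=0&java=0';

console.log(decodePiwikBeacon(SAMPLE_BEACON));
```

The client's IP address is not one of the parameters: the collector sees it from the connection itself, which is how the visit gets tied to an address and a time.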

Alternately, this third party operator can inject code into the site that may track you across hidden services – that is, if you’re using the onion.cab proxy.

Thus, if your concern is privacy, it should be obvious why you don’t want to give this information away. The same goes for any proxy, really, but again, if you’re using Tor for anonymity, then accessing so-called “hidden services” via the clearnet is pointless.

I know that a lot of people who explore the “dark web” for fun just say, “Give me links!” But if you want to explore those links, do so in the right way – use the Tor Browser (from https://www.torproject.org/), and don’t try to do so via the clearnet.

I forget exactly where I found this link – I think it was either Electronic Frontier Foundation or Privacy Tools – but it’s a list of supposedly anonymous proxy servers, generated by a set of particular search engine terms:

+":8080" +":3128" +":80" filetype:txt

This returns results for lists of proxy servers that use ports 8080, 3128, and 80, which are apparently more anonymous than average proxies.

You’ll get different results if you use different search engines, too:

Even so, as I mentioned in a few earlier posts, this all depends on whether you trust proxies at all. Which is why I haven’t used any of these, personally.

It’s similar to using a VPN in combination with Tor. Are you really anonymous when doing this? That depends on whether or not you trust your VPN provider! By the same token, it’s very risky to use certain proxies, unless you know what data the proxy server is collecting about you. Never mind the fact that .txt documents can contain malware (just as some PDFs on Tor do). Read “Should You Trust Any Proxy?” to find out a little more.

Regardless, it’s an interesting experiment to try Googling this, even if you don’t decide to use the proxy services themselves. Most of the sites look like this:

While the idea of “anonymous proxy server” sounds great, in theory, they could be just like malicious Tor exit nodes – intending to steal data or worse.

I’ve said this before, but it bears repeating – Tor is not the only way to access the so-called “dark web,” but it seems to be the most popular at the moment. In fact, there are many ways to do so. Oddly enough, many of the trending articles that discuss the dark web act as if Tor is the only way to reach it.

“Dark web” is essentially a metaphor for all the sites built on top of encrypted networks that require special software, configurations or permissions to access. I must clarify this, however – Tor, I2P, and Freenet are completely separate networks.

In previous posts I’ve mentioned Freenet, but there are other options too, and I2P is one of them. The reason that it probably doesn’t have the same reputation as Tor, or even Freenet for that matter, is that it’s a bit more complex to learn and use. (At least that’s my guess.)

So, downloading I2P is the easy part; just go to Download – I2P and install it! The site offers packages for the following operating systems:

Windows

Mac OS X

GNU/Linux/BSD/Solaris

Debian/Ubuntu

Android

The tricky part, as you may have guessed, is the post-install work! Courtesy of their homepage, I’ll offer the steps:

After running the installer on Windows, simply click on the “Start I2P” button which will bring up the router console, which has further instructions.

On Unix-like systems, I2P can be started as a service using the “i2prouter” script, located in the directory you selected for I2P. Changing to that directory in a console and issuing “sh i2prouter status” should tell you the router’s status. The arguments “start”, “stop” and “restart” control the service. The router console can be accessed at its usual location. For users on OpenSolaris and other systems for which the wrapper (i2psvc) is not supported, start the router with “sh runplain.sh” instead.

When installing for the first time, please remember to adjust your NAT/firewall if you can, bearing in mind the Internet-facing ports I2P uses, described here among other ports. If you have successfully opened your port to inbound TCP, also enable inbound TCP on the configuration page.

Also, please review and adjust the bandwidth settings on the configuration page, as the default settings of 96 KBps down / 40 KBps up are fairly slow.

If you want to reach eepsites via your browser, have a look on the browser proxy setup page for an easy howto.

Did that read like a foreign language to you? Congratulations! It did to me too, at first. It may make more sense once you actually get into the process of setting it up…or not.

At first, I’ll admit I was somewhat intimidated by I2P, given that you couldn’t just install it and run it without a lot of configuration and prior knowledge, but now that I’m more educated in that area, it’s kind of fun (believe it or not). Or maybe it’s because I’m a nerd, I don’t know…

Once you have the network up and running and you open it in a browser (e.g. Firefox), you should see a page like this:

Credit: 2009 Wikimedia Commons

As it says, that’s the I2P Router Console, and from that page you can configure just about everything about your connection, how much bandwidth you’re using, and what IP address your “identity” appears to be (not unlike Tor, actually)!

Let the Right One In

I had to include at least one creepy image.

Now, I have to confess that the part where I got held up was when I tried to access actual I2P sites (known as “eepsites”). I knew I was connected to the network, so that wasn’t the problem.

According to the official I2P FAQ, under the question explaining what eepsites are:

An eepsite is a website that is hosted anonymously – you can access it by setting your web browser’s HTTP proxy to use the web proxy (typically it listens on localhost port 4444), and browsing to the site.

I did this, but I was still unable to access a number of the eepsites (or at least the featured ones on the router console). Therefore, my thought was that the sites themselves were down.

Either that, or my firewall settings were preventing me from accessing the sites – I plan on modifying those and giving this another try. Of note: eepsites also tend to go down often (not unlike .onion sites), so that could also be the problem.

But Wait…There’s More!

Like its darknet cousin Freenet, I2P offers several main features:

Email/Messaging: I2P has a few different messaging services. The main ones are a built-in email application and I2P-Bote, a secure messaging platform somewhat akin to Freenet’s FMS (Freenet Messaging System) application.

I2P-Bote is a P2P email service; there is no central server that stores your personal data. Email messages are stored in encrypted form on the computers of other I2P-Bote users, which is how it differs in its structure from standard email services. No one with the ability to read your emails actually stores them on their servers.

If you check out the link above, it breaks down many of the security features of I2P-Bote, including its encryption method(s), and anonymity components.

This end-to-end encryption is the default with I2P-Bote. Beyond that, I2P-Bote also sanitizes email headers, taking out any unimportant information, and encrypts what’s left (e.g. the subject line).

I don’t know about you folks, but I find that very reassuring!

IRC (Internet Relay Chat): Some of you are probably already familiar with IRC – it’s been around since the internet’s early days (1988, believe it or not)! The difference with I2P is that it has an IRC service that allows users to chat anonymously. Similar services exist on Tor, by the way. I have yet to use the chat service, but I plan on doing so in the future (and perhaps writing a separate post about it). According to The Tin Hat’s how-to guide:

“Often controversial topics are talked about in these channels, but nobody is afraid of offering what may be a very valid, but unpopular opinion, pushing you to explore new ideas from new perspectives.”

And while reading that line, I can’t help but be reminded of an episode of Numbers where they said this:

Uhh…no it isn’t. But I digress. If you do end up using I2P’s IRC, The Tin Hat recommends the chat rooms #salt and #i2p-chat, which you can connect to by setting your IRC client (such as X-Chat) to 127.0.0.1 on port 6668. If you already have experience with this, feel free to give me some feedback on how it went!

Torrents: Oh my God, you can torrent over I2P? Yes – in fact, some would say that gives it an advantage over Tor, which strongly advises against torrenting over their network.

I2P offers The Postman Tracker and I2PSnark. The former is a lot like The Pirate Bay, and the latter is very similar to µTorrent. Again, I have yet to try out this feature, but according to my research, the torrenting feature only provides more cover-traffic, which actually improves your anonymity (as opposed to Tor)!

I2P also gives the user an advantage in that they can use it as a proxy for clearnet torrents, like BitTorrent or µTorrent. That way you’re less likely to get some ominous letter from the RIAA, or have other users spying on your torrents. It’s not 100% foolproof, but I’d say it’s smarter.

Beyond that, there is an I2P plugin for the Vuze torrent client called I2P Helper; if you intend to use I2P primarily for torrenting, then it works very well in this context. I2P Helper allows you to download torrents from both the clearnet and the dark web simultaneously. To boot, you can configure Vuze to use I2P by itself, or an already running external I2P router.

One of the positive things about using I2P for torrenting is that there is very little child pornography or other questionable material on the torrent trackers (despite claims to the contrary). Rather, there are quite a few sci-fi books, programming books, leaked government documents, movies, and music.

Its downside, however, is speed, which on average is about 30 KBps (compared to roughly 1-2 MB/s on most other torrenting sites). The trade-off, of course, is the anonymity factor. You’re much less likely to get discovered and sued by angry record labels and movie studios if you’re using I2P, as opposed to its “cousins” on the clearnet. So the choice is yours.

Give Me Links! Give Me Links!

All right, you asked for it! I haven’t vetted any of these links, so enter at your own risk. These links are courtesy of DCJTech.info: DarkWeb Link List. I have to admit, they’re much easier to remember than most .onion addresses, aren’t they?

OK, OK – I know that song is so 2013, and this technically isn’t about the dark web – but it still relates, I promise.

The reason I considered covering this is because I became concerned about confidentiality and privacy on the internet, particularly as I started delving into the darker side of things.

For the techies among us, I’m sure you already know how proxy servers work. That being said, for those who are unfamiliar with the concept, a proxy server allows you to reach a website (or another online destination), even if it’s blocked or restricted in your country, or by your ISP. Obviously, this can be a very helpful anti-censorship tool.

An open proxy server is the simplest type, more or less, and one of the most common types of proxies. Open proxies are accessible by any internet user, as opposed to a closed proxy (which would only allow users within a specific network to access it). An example of a real web proxy is kifkifgo.ml, which is located in the U.S. There are many sites on which you can find lists of public proxy servers – just Google them. These include Public Proxy Server – Free Proxy Server List and XROXY.COM – Open Proxy List.

Transparent Proxies:

Like an HTTP proxy, a transparent proxy server is also a caching server, but in this case, is configured in such a way that it eliminates the client side (browser side) configuration. In most cases, the proxy server resides on the gateway and intercepts the web requests (port 8080, 544, etc.) from the clients; it receives the content for the first time and thereafter replies from its local cache.

The term “transparent” refers to the fact that the client (i.e. you) doesn’t know that a proxy server is acting on their behalf. Think of it like a spy movie: you’re the hero, and you need some confidential information that could potentially get you arrested. The transparent proxy would be the undercover agent who enters the enemy compound and retrieves it for you – except you, the hero, wouldn’t even know about that person doing the dirty work.

Transparent proxy servers are generally used in big corporate organizations where client-side configuration is not easy (due to the number of clients). This type of server is also used by ISPs to reduce bandwidth usage.

Reverse Proxies:

A reverse proxy, as opposed to the first two, is designed for the benefit of the web server rather than its clients. More or less, a reverse proxy resides on the web server end, and will cache all the static answers from the web server and reply to the clients from its cache to reduce the load on the web server.

In that sense, a reverse proxy is kind of like the bell staff at a hotel – the static answers from the web server are akin to all the requests for “Can you carry this?” This arrangement is also known as Web Server Acceleration.

Proxy Lady…Comin’ to Getcha!!

So FoxyProxy, in their words, “is a set of proxy and VPN management tools for OS/X, Windows, iOS, Android, Chrome, Firefox, and Linux. We also offer reliable, high-bandwidth VPN and proxy servers in 60 different countries.”

The difficulty with finding a proxy or VPN is that there are many services that are simply flat-out scams. FoxyProxy is definitely one of the legit ones, though.

They actually offer a number of different services, including FoxyProxy Basic, FoxyProxy Standard, and GeoShift (which changes your IP address from a list of different countries).

Once you have FoxyProxy installed, you can use its web proxy settings simply by typing in the URL (like you would normally do). Its standard setting is “Use Proxy Default for all URLs.” The setting (in Firefox) looks more or less like this:

Select the “Add New Proxy” button above in order to manually add proxy servers. In Chrome, the window looks like this:

The Settings window will pop up, in which you can manually or automatically configure a proxy connection (depending on your level of knowledge, and preferences):

On top of that, you can also specify when a proxy is (or is not) used, under “URL Patterns.” This includes a whitelist and blacklist of different URL patterns, as seen below:

In my personal experience, I’ve found all of these to be extremely helpful! Even if you’re not particularly familiar with the concept, FoxyProxy can still be an excellent tool to help circumvent censorship and in turn, protect your anonymity.

While you can do some of this without the FoxyProxy extension, it definitely does some of the legwork for you – and it also works well for users who have never attempted to use proxy servers of any kind.

In short, yes – I like it!

I have yet to try the advanced version, but I may cover that in a later post.